
What are you talking about? I think you better look up how HTTPS/TLS works??? Sure you have to trust the certificate authority. Also can you imagine the scandal that would erupt if Google or AWS cloud was discovered to be eavesdropping on companies running things in their cloud? I don't think so.



I believe the OP is talking about encryption for user data, not merely for transport.

Google, Amazon, etc. still store user data uninhibited and though they are often competent about security, they also often provide data to state actors as a normal course of action. The fact that a web browser communicates safely with an endpoint doesn't mean that endpoint isn't a bad apple itself. In some cases these endpoints are logging proxies to other servers and services, and though transport is again encrypted, the data is normally accessible by operators of such services.

Cloud computing has taken away the ownership of data from individuals, and that sounds like it has seeds of some kind of a revolution brewing.


Can you define "uninhibited"?


> can you imagine the scandal that would erupt if Google or AWS cloud was discovered to be eavesdropping on companies running things in their cloud

Remember the "SSL added and removed here" image?

https://thumbs.mic.com/MTBjNTQzNTMzZiMvbWVtejZOdjJsaUdUVkZEa...


That wasn't eavesdropping by Google. That was Google not using encrypted traffic on internal wires. And that changed a lot of years ago.


Yes, it was the US government eavesdropping for them without their consent, but the end result is basically the same.

Yes, that exact hole was patched, but the point is it wasn't the end of the world that great grandparent implied it would be.


Google Compute Engine didn't even exist at the time that slide was made, or at least was not publicly available. That slide was about government intercepting Google's traffic, not cloud customer traffic.


It was certainly smaller, but GCE was first publicly available in April/May 2013, Snowden leaked things in June 2013. I'm not quite sure when this slide was released but sometime after that.

Google moved to fix the problem after the start of the leaks. Pretty quickly (good for them), but after.


The slide was created long before Snowden leaked it, which is before GCE was publicly available. I said, "before the slide was made," not "before the slide was leaked."


I'm pretty sure RPC privacy boost was underway before the leaks. It was just launched more hurriedly after they came out.


I am pretty sure that this is a reference to Cloudflare.


Google and AWS aren't eavesdropping directly. However, a lot of companies are running unencrypted connections between their load balancers and their backend services. And we know from the Snowden documents the US Government does passive data collection there.


The USG does not need to look for weak points to do passive data collection.

Due to the third-party doctrine [0], they can simply demand access, don't even need a legal warrant. Because there's no reasonable expectation of privacy for data you willingly gave to third parties.

[0] https://en.wikipedia.org/wiki/Third-party_doctrine


It's easier to do it quietly though. If there's unencrypted network traffic, they just need to demand access from someone with physical access to the switches, plant a listening device, and everyone with logical access will be blissfully unaware.

If they want to MITM encrypted traffic they need to demand access from somebody with access to the certificates, who is going to be higher paid and more likely to speak to at least a lawyer before granting access.


The point is that if you're communicating with someone via Google, encryption terminates at Google, not with the other party.


If that was discovered nothing would happen or change. To some degree it has happened with Windows 10, Android/iOS for personal computing.

They wouldn't monitor themselves but provide access to law agencies anyhow.




